DLGuard
fully integrated with the major payment systems
Paypal
Clickbank
2checkout
Authorize.Net
Click2Sell
1ShoppingCart
LinkPoint
AlertPay
eBay
PayDotCom
Mal's e-commerce
PagSeguro
CCBill
CommerceGate
DigiResults
FastSpring
JVZoo
MultiSafePay
WorldPay
Plimus
WSO Pro
Paypal Digital Goods
RevenueWire
SWReg
     

Flag to Indicate Successful Login

 
Post new topic   Reply to topic    DLGuard Forum Forum Index -> Member's Tips and Tricks!
View previous topic :: View next topic  
Author Message
THN



Joined: 25 Jul 2006
Posts: 32
Location: Brisbane, Australia

PostPosted: Wed Dec 26, 2007 5:36 am    Post subject: Flag to Indicate Successful Login Reply with quote

Hi Sam.

If I've got the sequence of events correct, when this code...
Code:
<?php
  $pathToDLG = "../dlg/";
  $dlgMemberGroup = 1;
  include ($pathToDLG."members/dlgmembers.php");
?>

...at the top of a protected page calls the file "/members/dlgmembers.php", is there a variable/flag set to indicate successful login?

I need to pass login status to an external application. I expect I'll do that by having the DLG-protected webpage write the login status to a small XML file, which the external application can read.

However before I start in on that I thought I'd check if there is anything already existing that I can use, or if you might have any suggestions.

TIA
- Bill
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com
Back to top
View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Wed Dec 26, 2007 10:14 pm    Post subject: Reply with quote

Hi Bill,

There isn't a flag as such, but basically if you put code onto your members page, it won't run unless a successful login has been made.

You can also find out WHO has logged in by using the PHP variables:

$username
$fullname
$receipt
$group

They can come in handy when writing membership scripts Smile

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
THN



Joined: 25 Jul 2006
Posts: 32
Location: Brisbane, Australia

PostPosted: Thu Dec 27, 2007 4:14 am    Post subject: Reply with quote

Thanks Sam. I think the fact that any of those variables have a value would be a sufficient flag. I guess they'll be null or undeclared if the visitor is logged out?

However I seem to have come to something of an impasse with this project, when I realised something: The way I was heading, if any member logged in then the XML file would exist for all members!

I suppose I could be writing those identifying PHP variables to the XML file, but then it all starts to get messy and complex.

Seems to me that what I really need is a way to pass the value of one (or more) of the PHP variables directly to a file on the local hard disk, without going through a server-side file. That is, write the little XML file to the local disk, as what's on the local drive can only be accessed by the individual user.

But if I understand the "rules" of PHP correctly, writing to a local drive is prohibited.

Then again, maybe I'm seeing complexity where it doesn't exist.

Suggestions from any forum denizens of most welcome.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com
Back to top
View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Thu Dec 27, 2007 4:41 am    Post subject: Reply with quote

Hi Bill,

That's true - you can't save a file to a user's local disk. This would be a massive security issue.

What is it you really wanted to do? What's the end result you're after?

You could try using a cookie perhaps?

But let me know what you're aiming toward, and I'll see what I can come up with Smile

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
THN



Joined: 25 Jul 2006
Posts: 32
Location: Brisbane, Australia

PostPosted: Fri Dec 28, 2007 1:19 am    Post subject: Reply with quote

Thanks Sam.

I think I'm on the track of a solution - just need to get my head around a bit of JavaScript/XML stuff that I'm not familiar with. If it doesn't pan out I'll get back to you. There is one thing on the DLGuard side though that would help...

Is it possible to send the login e-mail address and password directly to DLGuard via a query string appended to a URL?

That would be handy for all sorts of interaction with external apps. Something like logging in from a custom application comes to mind.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com
Back to top
View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Fri Dec 28, 2007 6:37 am    Post subject: Reply with quote

Hi Bill,

When you say "send the login e-mail address and password directly to DLGuard via a query string appended to a URL", do you mean you just want to send your customers details to DLGuard, and have DLGuard reply back as to whether or not they're valid?

If so, yes, you can do this!

If you have a look in DLGuard, go to the Help menu and select Developers.

On this page you'll see a couple of options for getting DLGuard to validate your customer's details.

You can use this for customer membership control, or even having your software "call home" to validate a customer really should have access to your software (and also shut it down in case of refund).

Is this what you were after?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
THN



Joined: 25 Jul 2006
Posts: 32
Location: Brisbane, Australia

PostPosted: Fri Dec 28, 2007 11:17 pm    Post subject: Reply with quote

No Sam, I mean instead of manually logging in like this:

http://hackersnightmare.com/THN-Members/index.php

An external application (or a macro, or a hot-key combo, or whatever) could send this instead:

http://hackersnightmare.com/some_DLG_folder/filename.php?UID=connie@HerDomain.com&pw=herpassword

Whereupon the visitor would be silently logged in without going through the login form.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com
Back to top
View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Sat Dec 29, 2007 10:18 pm    Post subject: Reply with quote

Oh sorry about that, missed it completely Smile

You can set up a silent login if you wish, but not via the URL directly like your example. The variables would have to be POSTed to your login form.

This can be done via a HTML form, or via a script using CURL or fsock.

It's a pretty simply thing for a programmer.

In fact, you could have a programmer create a script that will read the login details out of the URL, like in your example, and POST them to the members login form.

To the visitor this would just look like they clicked on a link and then appeared inside the members area.

Does this better answer your question?

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
THN



Joined: 25 Jul 2006
Posts: 32
Location: Brisbane, Australia

PostPosted: Wed Jan 02, 2008 2:40 am    Post subject: Reply with quote

Hi Sam.

As you know I'm an ASP programmer with little knowledge of PHP, but once you put me on the track with CURL I was able to sort something out. For anyone else who might be interested this is what I came up with. It works fine, but any suggestions for improvement from experienced PHP people most welcome.

Here is the URL that the external application sends to a special page on the target domain; note the appended querystring that contains login credentials:

http://www.DomainName.com/curl.php?uid= member%40MemberEmail.com&pw=somethingtricky

The target of the above URL has the code below placed on a special page. I put it on a page by itself, imaginatively named curl.php, because I think having a special page for it is a good idea for a number of reasons.
Code:
<?php

    $url = 'http://www.LoginDomain.com/LoginForm/index.php';
    // The next line gets the login credentials
    // from the target URL and it's appended querystring.
    $params = "loginEmail=" + $_GET['uidl'] + "&loginPassword=" + $_GET['pw'] + "&loginSubmit=Login"
    $user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,  2);
    curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    // Next line makes it work under https
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    $result=curl_exec ($ch);
    curl_close ($ch);

    echo("Results: <br>".$result);
?>

There's nothing original there -- basically I just cobbled it together from various examples I found, then spent half an hour experimenting until it worked.

As I said, suggestions for improvement welcome.
_________________
- I'm a C.A.O.S. follower
- http://ComputerAndOnlineSecurity.com
Back to top
View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Wed Jan 02, 2008 6:46 am    Post subject: Reply with quote

Hi Bill,

Nicely done!

I don't see any obvious way to improve it - it's best to keep things simple, in my opinion, and your script is nice and simple. And the best part - it works Smile

Personally I'd just run with it!

cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Fretless



Joined: 14 Mar 2006
Posts: 13

PostPosted: Sat Apr 12, 2008 6:03 am    Post subject: Reply with quote

admin wrote:

You can set up a silent login if you wish, but not via the URL directly like your example. The variables would have to be POSTed to your login form.


Sam,

I'm trying to do this and so far the script works fine when I plug the URL into the browser - I get logged in just fine.

What I'm not sure how to do is...

How do I make DLG log the user directly into the members area using this URL after payment without going to the default thank you page?

i.e. instead of landing on the membership thank you page they would hit this url and automatically be logged right into the membership area.

I figure using the IPN repost would not work because that does additional processing? Am I right to think it won't override sending the subscriber to the default thank you page?

Will the optional 3rd party script URL work for this? Does all of DLG's regular processing get completed if I do it this way?

Sabrina
_________________
Sizzling Business Ideas
Take As Many As You Can!
Back to top
View user's profile Send private message
Fretless



Joined: 14 Mar 2006
Posts: 13

PostPosted: Sat Apr 12, 2008 7:28 am    Post subject: Reply with quote

Actually I just accomplished what I wanted by adding a snippet of javascript to the membership template.

All I've got to do now I know it works is to code the switch so depending on the membership number the user gets pushed to the membership page they need and logged right in. Or I can choose to send the subscriber to the default membership template if I want.

For anyone who's interested, here's what I hacked together so far:

Code:

<SCRIPT LANGUAGE="JAVASCRIPT" TYPE="TEXT/JAVASCRIPT">
<!--

 function Redirect(username,password) {
 var username="%%customeremail%%";
 var password="%%customerreceipt%%";
   myURL = "http://www.domain.com/mycustomthankyou.php?email="+username+"&receipt="+password;
   window.location = myURL;
 }


window.onload = function() {setTimeout("Redirect()",0);}
//-->
</script>


I'll add the switch statement after I get some sleep.

Sabrina
_________________
Sizzling Business Ideas
Take As Many As You Can!
Back to top
View user's profile Send private message
admin
Site Admin


Joined: 31 Jul 2005
Posts: 9396
Location: Australia

PostPosted: Sat Apr 12, 2008 11:04 pm    Post subject: Reply with quote

Hi Sabrina,

That's brilliant, well done! And thanks for sharing the code!

For future reference:


Paypay IPN Repost:
This will simply repost the IPN data Paypal sends to your own script - so basically it's just like setting up an IPN URL in Paypal. You'll get the raw Paypal sales data.

This allows you to use this data for your own scripts, such as affiliate scripts for example.


Custom URL:
DLGuard will POST sales details to this URL at the point of sale. They're standard sales details that DLGuard has gotten from your customer when they've bought, and they're only posted when the sale is found to be valid.

This is handy for things such as scripts that send passwords, or maybe if you have your own registration system, or even mailing list signup scripts, etc.


cheers
Sam
_________________
Sam Stephens
DLGuard: www.dlguard.com
GuardHQ: www.guardhq.com
-------
Keep up to date with DLGuard and other GuardHQ products: www.guardhq.com/newsletter.php
www.twitter.com/DLGuard
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    DLGuard Forum Forum Index -> Member's Tips and Tricks! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group